Phishing Made Easy

Here is an interesting phishing attempt. It is signed "Admin Help Desk" and says to click on a link. The link requests a name, login, and password.

The link is to a page at my-hosting.panel.com and uses a form created at hotforms123.com. I had never heard of either of these, but it looks like they provide services that are suggested by their domain names. Of course, those services can be used and combined for nefarious purposes. And it looks like that's what this phishing attempt is doing.

The scheme looks a bit more sophisticated than average: the link no longer requests the information noted above. It's mostly a blank page. Perhaps this feature helps the perpetrators avoid prosecution.

And I don't know if it's just coincidence, but the name in the From: header achieved some notoriety in 2007 and in April 2009.


David Levine
Last modified: Wed Sep 2 08:15:22 CDT 2009